Looks like a jackass randomly targeting any old Web sites he can manage to compromise, for no other purpose than to get notoriety for himself. He took a kitchen-sink approach and these are the ones that went down the drain. There’s no obvious ethical or political agenda at work in breaching those wildly different sites.

I doubt the website itself was hacked; it looks like some trickery with the DNS servers, meaning you are actually being sent to a completely different website. The worst part is that if they wanted to, they could just make their “fake” site look like the real thing and steal user passwords and such without people ever knowing.

I fired off an e-mail to ipadmin@bluemilenetworks.com, who supposedly administrates the IP address block which contains the one that is being used to host the dummy site. Guess we will see if they can do anything, now.

Domain name attacks like this can be done via social engineering, such as password recovery or actually tricking somebody at the DNS registrar into disclosing info. This has been around forever; albeit not a full system compromise, it is ugly, as it takes a long time to clear up.

So this was real, and as others have said, it was a compromise at the registrar, not at The Register. The probable reason why I did not see it: the co.uk parent domain changes had been reversed before I checked.

This incident is a good example of why I recommend NOT using one’s ISP nameservers. The benefit of cache hits being slightly faster is offset by the TTL being, on average, half of what you would get by doing your own recursion to the authoritative NS. And then you get to share in the cache poisoning with all the other users.

Yes, my recursive resolver could get a poisoned cache as well, but the window of opportunity for mischief is much smaller. And I can flush the cache if I suspect something is amiss.
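The checks the posters above describe (is the answer my resolver hands me the same one the authoritative servers give, and how long will a bad answer sit in a cache) can be scripted. The following is an added example written for this page, not code from any of the commenters or from The Register: it builds a raw DNS query with the standard library, parses the response (including name-compression pointers), and compares the A records returned by two servers. The domain `example.test`, the address `192.0.2.1` and the embedded response packet are constructed sample data, and the server addresses passed on the command line are assumed to be a recursive resolver and an authoritative nameserver for the domain.

```python
"""Compare the A records a recursive resolver returns with those from an
authoritative nameserver, to spot a hijacked or poisoned answer.
Stdlib only; the live path needs UDP/53 reachability."""
import random
import socket
import struct
import sys

TYPE_A, TYPE_NS, TYPE_CNAME = 1, 2, 5


def encode_name(name):
    """'example.test' -> b'\\x07example\\x04test\\x00' (RFC 1035 wire form)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=TYPE_A, qid=None):
    """Minimal query packet: header with RD=1, one question, no EDNS."""
    qid = random.randrange(65536) if qid is None else qid
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def decode_name(pkt, off):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            ptr = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2                # caller resumes after the pointer
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(pkt):
    """Return (id, flags, [(owner, type, ttl, value), ...]) for the answer section."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = decode_name(pkt, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = socket.inet_ntoa(rdata)
        elif rtype in (TYPE_NS, TYPE_CNAME):
            value, _ = decode_name(pkt, off)
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((owner, rtype, ttl, value))
    return qid, flags, answers


def compare_answers(resolver_answers, authoritative_answers):
    """Flag A-record disagreement and report how long the cached answer lives."""
    r = {v for (_, t, _, v) in resolver_answers if t == TYPE_A}
    a = {v for (_, t, _, v) in authoritative_answers if t == TYPE_A}
    ttls = [ttl for (_, t, ttl, _) in resolver_answers if t == TYPE_A]
    return {
        "match": r == a,
        "only_resolver": sorted(r - a),       # addresses a hijack would show here
        "only_authoritative": sorted(a - r),
        "resolver_ttl_remaining": min(ttls) if ttls else None,
    }


def query(server, name, qtype=TYPE_A, timeout=3.0):
    """Live UDP query (network required). Verifies the transaction ID and RCODE."""
    qid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    rid, flags, answers = parse_response(data)
    if rid != qid:
        raise ValueError("transaction ID mismatch (spoofed or stale reply?)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    return answers


# Constructed sample response (not captured from any real server):
# id 0x1234, RD/RA set, one question, one A answer with a 300 s TTL whose
# owner name is a compression pointer back to the question at offset 12.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.test") + struct.pack(">HH", TYPE_A, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", TYPE_A, 1, 300, 4)
    + socket.inet_aton("192.0.2.1")
)

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: dnscheck.py <name> <recursive-resolver-ip> <authoritative-ns-ip>")
    name, resolver, auth = sys.argv[1:]
    print(compare_answers(query(resolver, name), query(auth, name)))
```

Run it against your resolver and one of the domain's listed nameservers; `only_resolver` non-empty means the cached answer differs from what the authority is currently serving, and `resolver_ttl_remaining` tells you how long that cache entry will persist unless you can flush it.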